When you log in to one of your many online accounts, you always need to authenticate yourself. That is, you’re required to prove who you are and that the account is indeed yours. Failing to do so results in getting locked out. While single-factor authentication, where you give a username and a static password to prove your identity is, by far, the most common, it has been proven countless times to be very insecure. Many websites don’t encourage you to create strong passwords, which doesn’t help either. Two-factor verification – where, for example, the user may be sent an SMS when signing in, provides slightly higher security. However, text messages are easy to steal, too, so the popular two-factor verification is still far from being a reliably secure authentication method. It’s better than nothing, but there are much safer authentication methods out there:
One-Time Password (OTP)
An OTP and its sibling, time-based one-time passwords (TOTP), are unique temporary passwords. Using an OTP means that hackers won’t be able to use your stolen credentials since only your username will be valid. This is a way to significantly protect sensitive data, such as banking credentials.
An OTP can be created in various ways. The traditional way is to use grid cards, but a hacker can easily replicate these. A solid alternative is a security token, a hardware device designed to generate OTPs. Unfortunately, it’s expensive, so the best – and cheapest – way to protect yourself is to use an authenticator app that you easily carry around on your phone.
If there’s one thing that you always have with you, it’s your body. Biometric scans are a common authentication method in large companies. Your fingerprint, face pattern, hand geometry, and eyes are all unique to you and stealing them is almost impossible. You don’t even need those ominous machines you see in old sci-fi films – with the right calibration, a smartphone will do the job. Biometric authentication is bullet-proof since stealing your physical traits is much harder than hacking a password, text message, or smartphone.
Unfortunately, biometric scanners are unpredictable. A cut on a finger and red eyes are problematic, but biometrics scanners can even be fooled by forged images such as a Facebook profile picture. While developers are working hard to rectify this, it seems unlikely that biometrics will replace passwords in the near future.
Continuous authentication means what its name suggests: it regularly identifies you during a session. This is likely familiar to those who often use online banking services, as most require you to enter your authentication code when signing in and then again to validate a transfer. When used with other online accounts, this form of authentication monitors your behavior and regularly verifies your identification by asking for your password, generating a unique password again, or requesting a biometric scan. While it offers increased security due to the repetitive nature of its authentication, it also faces the same problems as the methods previously mentioned.
The Three Factors of Authentication
There are three authentication factors to talk about when you use any of these methods: knowledge, possession, and inherence. The knowledge factor is the most self-explanatory, as it involves authentication based on information you already know. This can be anything: usernames, passwords, the name of your favorite childhood action hero, the ultimate question of life, etc. The more information you provide – that is, answering numerous personalized questions – the harder this factor is to crack, making it a great first line of defense. The possession factor refers to a physical item, such as the device you use for work, your personal smartphone, or a security key. The inherence factor is closely connected to biometric authentication, as it’s something specific to you. It can involve any physical trait, such as your fingerprint, retina, face, or even voice.
So, which one is the best then? Neither and all, you might say, since these three factors work best when combined. Come up with a complex password, use an authenticator to generate a one-time code, add a retina scan on top, et voila, your account will be impenetrable. Admittedly, this all sounds very complex and seems like a lot of effort when you have multiple accounts. Luckily, password managers like 1Password can help since they generate extremely complex passwords and support OTP. Combining a password manager with a security key, for instance, makes authentication as safe as it can possibly get.
Best Password Managers of 2023
|Editor's Choice 2023
Get the Best Deals on Password Managers
Subscribe to our monthly newsletter to get the best deals, free trials and discounts on password managers.